SmartCloud Enterprise: Using a SOCKS Proxy with VLANsAlex Amies
- SOCKS Overview
- Prerequisites
– install PuTTY, PuTTYgen, and SCE CLT
- Basic demo
- Provision a virtual machine to act as SOCKS proxy
- Start PuTTY with SOCKS proxy option
- Access web server using SOCKS
- Troubleshooting
Alternative Path: Using the cloud web user interface
- Extended demo for VLAN connectivity
- Connecting to SOCKS with other client types
SDN in the Management Plane: OpenConfig and Streaming TelemetryAnees Shaikh
The networking industry has made good progress in the last few years on developing programmable interfaces and protocols for the control plane to enable a more dynamic and efficient infrastructure. Despite this progress, some parts of networking risk being left behind, most notably network management and configuration. The state-of-the-art in network management remains relegated to proprietary device interfaces (e.g., CLIs), imperative, incremental configuration, and lack of meaningful abstractions.
We propose a framework for network configuration guided by software-defined networking principles, with a focus on developing common models of network devices, and common languages to describe network structure and policies. We also propose a publish/subscribe framework for next generation network telemetry, focused on streaming structured data from network elements themselves.
3. お客様の環境
関連会社A 関連会社X 関連会社Z
AP
Server ・・・・
AP
Server
AP AP ・・・・ AP
14台
Server Server Server
CPU&Memory
の負荷増大
お客様の環境
DMZ
AP
Server 1台
内部セグメント
RDB
copyright Affordance Corp. 3
14. VPC with Single Public Subnet Only VPC with Public and Private Subnets
VPC with Public and Private Subnets VPC with Private Subnet Only
and Hardware VPN Access Hardware VPN Access
copyright Affordance Corp. 14
15. お客様の環境
関連会社A 関連会社X 関連会社Z
AP
Server ・・・・
AP
Server
AP AP ・・・・ AP
14台
Server Server Server
お客様の環境
DMZ
AP
Server 1台
内部セグメント
RDB
copyright Affordance Corp. 15
16. 関連会社A ・・・ 関連会社X 関連会社Z
VPN Connection
Internet Gateway
172.16.0.0/16
172.16.1.11
Customer AP
Gateway Server
172.16.0.250
(Cisco ASA5510)
open Security Group-ap
swan
172.16.1.0/24
AP Security Group-os VPC public Subnet
Server
172.16.0.0/24 Availability Zone-a
VPC public Subnet
Availability Zone-a
Elastic Load
Balancer
DB 172.16.2.11
192.168.2.0/24 AP
Server
お客様環境 Security Group-ap
172.16.2.0/24
VPC public Subnet
copyright Affordance Corp. Availability Zone-b 16
20. ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.37/K3.2.12-3.2.4.amzn1.i686 (netkey)
Checking for IPsec support in kernel [OK]
SAref kernel support [N/A]
NETKEY: Testing XFRM related proc values [FAILED]
Please disable /proc/sys/net/ipv4/conf/*/send_redirects
or NETKEY will cause the sending of bogus ICMP redirects!
[FAILED] sysctlの設定を有効化
sysctl -p
Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
or NETKEY will accept bogus ICMP redirects!
[OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for NAT-T on udp 4500 [OK]
Checking for 'ip' command [OK]
Checking /bin/sh is not /bin/dash [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
copyright Affordance Corp. 20
31. 関連会社A ・・・ 関連会社X 関連会社Z
VPN Connection
Internet Gateway
172.16.0.0/16
172.16.1.11
Customer AP
Gateway Server
172.16.0.250
(Cisco ASA5510)
open Security Group-ap
swan
172.16.1.0/24
AP Security Group-os VPC public Subnet
Server
172.16.0.0/24 Availability Zone-a
VPC public Subnet
Availability Zone-a
Elastic Load
Balancer
DB 172.16.2.11
192.168.2.0/24 AP
Server
お客様環境 Security Group-ap
172.16.2.0/24
VPC public Subnet
copyright Affordance Corp. Availability Zone-b 31